Bug in Radius NAS IP Attribute



  • I use pfSense with an external RADIUS server, with pfSense in CARP mode. Therefore I want to use the virtual CARP IP address to identify my NAS to the RADIUS server. The selection box "RADIUS NAS IP" on the captive portal service page lists the virtual addresses. If I select the virtual address instead of a physical interface address, then

    • the selection box shows the first entry (WAN) on the reloaded page but in config.xml the IP address is correct

    • the request to the RADIUS server uses the physical IP address as NAS host IP instead of the selected virtual address. So client.conf must have the physical address. For me it's even worse because my RADIUS server is in another sub-segment, on another interface than the captive portal.

    Example: The captive portal is on OPT7 (phys. 192.168.98.254) and virtual 192.168.98.1; my RADIUS server is on IP 192.168.30.8 (in segment 192.168.30.0/24) -> client.conf must be 192.168.30.254, otherwise the request is rejected as unknown host. The calling station ID is correct, 192.168.98.1, which is what I have selected in NAS IP.

    Why is pfSense not using the selected NAS IP address as the sending host address?

    This is important for

    • making CARP transparent for RADIUS (users stay logged in; otherwise there are a lot of open accounting records)
    • configuring one NAS only instead of two
    • the calling station ID being the same as the calling host

    What can I do?


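The behaviour described in the post, as an added example that is not part of the original post and not pfSense or RADIUS server code: a RADIUS server picks the client entry (and shared secret) by the UDP source address of the request, as RFC 2865 requires, while NAS-IP-Address (attribute 4) is only a field inside the packet. The addresses are the ones from the post; the packet, the client tables and all function names are constructed for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4       # RFC 2865 attribute type
CALLING_STATION_ID = 31  # RFC 2865 attribute type

# Constructed sample data using the addresses from the post.
SOURCE_IP = "192.168.30.254"  # physical address the request is sent from
CLIENTS_CARP_ONLY = {"portal-carp": "192.168.98.1/32"}
CLIENTS_WITH_PHYS = {**CLIENTS_CARP_ONLY, "pfsense-phys": "192.168.30.254/32"}

def build_access_request(ident, attrs):
    """Build a sample Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return {type: value} for the TLV attributes after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def nas_ip(packet):
    """NAS-IP-Address as dotted quad, or None if the attribute is absent."""
    raw = parse_attributes(packet).get(NAS_IP_ADDRESS)
    return str(ipaddress.IPv4Address(raw)) if raw else None

def match_client(source_ip, clients):
    """Select the client by packet source address; attributes are ignored."""
    src = ipaddress.ip_address(source_ip)
    for name, net in clients.items():
        if src in ipaddress.ip_network(net):
            return name
    return None  # unknown client: the server rejects or drops the request

PACKET = build_access_request(7, [
    (NAS_IP_ADDRESS, ipaddress.IPv4Address("192.168.98.1").packed),
    (CALLING_STATION_ID, b"192.168.98.1")])

if __name__ == "__main__":
    print("NAS-IP-Address in packet:", nas_ip(PACKET))
    print("CARP-only client list   :", match_client(SOURCE_IP, CLIENTS_CARP_ONLY))
    print("with physical address   :", match_client(SOURCE_IP, CLIENTS_WITH_PHYS))
```

Comparing the source address of captured requests with the attribute value in the same way shows whether a NAS setting changed only the attribute or also the address the packets are sent from.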